What is the price of cybercrime for companies? According to the latest “Cost of Cyber Crime Study” carried out by Accenture and Ponemon Institute, an organization suffers an average of 130 violations per year (+27.4% compared to 2016), including infiltrations into the corporate network or the company's computer systems, and the cost calculated is around 11.7 million dollars for each company. Analysts highlight an increase of 23% compared to the 9.5 million dollars recorded in 2016, and of 62% over the last five years.
“An adaptive and dynamic security strategy must be adopted by organisations to ensure internal strength and not to focus on perimeter defence. There is also a need for a sector-specific approach to protect the entire company value chain. Cybercrime consequences for companies are more and more costly and damaging, underlining the growing importance of strategic planning and ongoing monitoring of investments for security”, said Kelly Bissell, Managing Director of Accenture Security, while giving an opinion on the data.
A policy against cybercrime is an investment too
Cyber Insurance, in this regard, represents a great opportunity but also a practical solution for any company, allowing the company’s assets to be shielded as widely as possible from the harmful consequences, even potential ones, of a cyber attack or human omission. Companies, in fact, must become more pragmatic in how they weigh the advantages and disadvantages associated with business digitalization. In the age of the Web economy, we need a wider and more functional awareness of what risk management means. The issue concerns not only cybercrime that is increasingly sophisticated, wily and intrusive, but also a community of users who, as a result of the consumerization of IT, have become accustomed to using fixed and mobile devices, as well as applications downloaded from the cloud, without any training on the threats that incorrect behaviour on the Web can give rise to.
“How many times do our colleagues, in good faith, take their work home by sending an office email to their private account or uploading to a file sharing job service (perhaps because we have not provided them with a viable business alternative to do this)? Hence the main concerns of companies: recent studies have shown that 64% of companies are worried about not knowing where important data are, since the information has lost focus on the way it is conveyed. The problem is that the attack can come from someone who is hundreds of miles away from us, but most of the attacks today occur due to the user’s click”, states Luca Bechelli, Member of the Scientific Technical Committee, CLUSIT and independent consultant for IT security.
As the expert points out, companies need to develop a new awareness of how digital change affects the company. Each company has dozens of employees who have a mobile phone and who, finding the door of the mail server open, start to download their mail onto their device, making even the most shielded company liquid. The advice? It’s time to work at the user level, offering a bit more culture as well as more timely solutions in case of data loss and IT downtime.
Two years from now, premiums for cyber risk coverage will reach 7.5 billion
Another great risk faced by insurance companies, which are also the best placed to provide protection, is cyber risk, according to Maria Bianca Farina (Ania), heard by the Chamber’s Finance Committee as part of the fact-finding investigation into the impact of financial technology on the financial, credit and insurance sectors.
“So far, we have dealt with cyber risk with regard to corporate customers that first began to think about the risks that can arise”, said Farina. “However, the issue is also becoming relevant for other sectors such as retail. That’s why we’re studying insurance contracts and waiting for a huge change. Just consider that the global annual cost of computer fraud is assessed at a range between 100 billion and 1 trillion dollars and the average cost of an incident would range between 2 and 4 million dollars. These risks have also been estimated to have an impact of half a percentage point on US GDP or one point on German GDP. According to the Insurance Information Institute, premiums for cyber risk coverage will double in a very short time reaching 7.5 billion by 2020”.
Cybercrime policies: 3 points of interest
An effective insurance product for the management of Cyber Risk will be required to cover:
1) Direct and indirect tangible damage, such as the destruction or theft of a server as well as a fixed or mobile device supplied to the employee (PC, tablet, smartphone), bearing in mind however that other types of protection also exist for working tools not necessarily linked to an insurance policy (internal policies and regulations, for example).
2) Direct intangible damages such as, for example, the negligent erasure or destruction of a contact archive (leads, prospects, customers as well as more technical business information, perhaps related to developing technologies or research projects).
3) Indirect intangible damage affecting brand reputation, which may result in an actual loss of market value of company shares in the case of companies listed on stock exchanges.
The GDPR (General Data Protection Regulation, EU Regulation no. 2016/679), due to be implemented in May 2018, is credited with focusing attention on the issue of data protection and offers an opportunity to review positions and policies, but it certainly does not resolve governance as a whole. That’s why the Cyber Risk category is a market offering insurance companies plenty of new opportunities.